12:23 p.m.
[
https://issues.jboss.org/browse/WFLY-10240?page=com.atlassian.jira.plugin...
]
R Searls commented on WFLY-10240:
---------------------------------
This permissions failure when using -secmgr and JDK-8 is a known issue.
I had an email discussion about this with David L. on Feb 20.
David wrote .......
{code:java}
OK it looks like it's the JDK itself which lacks security manager
permissions, which is interesting: we can't really control that
directly.
The CXF "Compiler" class uses
javax.tools.ToolProvider.getSystemJavaCompiler() to get an instance of
Compiler. This instance comes from a URL class loader which is
constructed on the spot by the JDK to load classes from its tools.jar.
The class loader created by the JDK does not grant any static
permssions to the loaded classes, causing the tool to fail.
The workaround is to create a security policy which grants
AllPermission to "file:/usr/java/jdk1.8.0_72/lib/tools.jar". I'm not
sure we can come up with a "proper" fix in the JDK before Java 9
(where the tools are included in the main runtime).
CXF could probably come up with an "improper" fix where the compiler
is located using ServiceLoader (which will work cleanly on Java 9 but
will require support from JBoss Modules in Java 8).
I think we'll have to live with the workaround for now otherwise.
{code}
The workaround is to provide a security.policy file via the -Djava.security.policy
option.
I've attached an example security.policy file. You would add it to your JAVA_OPTS
env var
{code:java}
export
JAVA_OPTS="-Djava.security.policy=<PATH_TO>/Echo1-security.policy";
{code}
The contents of Echo1-security.policy would be
{code:java}
grant {
permission java.security.AllPermission;
};
{code}
WS scripts throws AccessControlException when secmgr is used
------------------------------------------------------------
Key: WFLY-10240
URL: https://issues.jboss.org/browse/WFLY-10240
Project: WildFly
Issue Type: Bug
Components: Scripts, Web Services
Reporter: Marek Kopecký
Assignee: R Searls
Priority: Blocker
WS scripts throws AccessControlException when secmgr is used
{noformat}
[mkopecky@dhcp-10-40-5-128 bin]$ java -version
openjdk version "1.8.0_162"
OpenJDK Runtime Environment (build 1.8.0_162-b12)
OpenJDK 64-Bit Server VM (build 25.162-b12, mixed mode)
[mkopecky@dhcp-10-40-5-128 bin]$ ./wsconsume.sh -secmgr
https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
Could not find log4j.properties or log4j.xml configuration, logging to console.
Loading FrontEnd jaxws ...
Loading DataBinding jaxb ...
wsdl2java -compile -exsh false -d
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp5146068 -verbose -classdir
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output -allowElementReferences
https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
wsdl2java - Apache CXF 3.2.4
[mkopecky@dhcp-10-40-5-128 bin]$ export SECMGR=true
[mkopecky@dhcp-10-40-5-128 bin]$ ./wsconsume.sh -secmgr
https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
Could not find log4j.properties or log4j.xml configuration, logging to console.
Loading FrontEnd jaxws ...
Loading DataBinding jaxb ...
wsdl2java -compile -exsh false -d
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967 -verbose -classdir
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output -allowElementReferences
https://raw.githubusercontent.com/jbossws/jbossws-cxf/master/modules/test...
wsdl2java - Apache CXF 3.2.4
JBWS024002: Failed to invoke org.apache.cxf.tools.wsdlto.WSDLToJava
org.apache.cxf.tools.common.ToolException: java.security.AccessControlException:
WFSM000001: Permission check failed (permission "("java.io.FilePermission"
"/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967/org/openuri/_2004/_04/helloworld/EndpointInterface.java"
"read")" in code source
"(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar
<no signer certificates>)" of
"java.net.FactoryURLClassLoader@e4d2696")
at
org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:420)
at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:105)
at org.apache.cxf.tools.wsdlto.WSDLToJava.run(WSDLToJava.java:113)
at org.jboss.wsf.stack.cxf.tools.CXFConsumerImpl.consume(CXFConsumerImpl.java:313)
at org.jboss.ws.tools.cmd.WSConsume.importServices(WSConsume.java:298)
at org.jboss.ws.tools.cmd.WSConsume.mainInternal(WSConsume.java:108)
at org.jboss.ws.tools.cmd.WSConsume.main(WSConsume.java:96)
at org.jboss.modules.Module.runMainMethod(Module.java:348)
at org.jboss.modules.Module.run(Module.java:328)
at org.jboss.modules.Main.main(Main.java:557)
Caused by: java.security.AccessControlException: WFSM000001: Permission check failed
(permission "("java.io.FilePermission"
"/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/output/tmp4759967/org/openuri/_2004/_04/helloworld/EndpointInterface.java"
"read")" in code source
"(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar
<no signer certificates>)" of
"java.net.FactoryURLClassLoader@e4d2696")
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at
org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
at java.io.File.isDirectory(File.java:844)
at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:69)
at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:64)
at
com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromFiles(JavacFileManager.java:785)
at
com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromStrings(JavacFileManager.java:185)
at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:202)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
at org.apache.cxf.tools.common.ClassUtils.compile(ClassUtils.java:123)
at
org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.processWsdl(WSDLToJavaContainer.java:303)
at
org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:164)
at
org.apache.cxf.tools.wsdlto.WSDLToJavaContainer.execute(WSDLToJavaContainer.java:412)
... 9 more
[mkopecky@dhcp-10-40-5-128 bin]$
{noformat}
{noformat}
[mkopecky@dhcp-10-40-5-128 bin]$ java -version
openjdk version "1.8.0_162"
OpenJDK Runtime Environment (build 1.8.0_162-b12)
OpenJDK 64-Bit Server VM (build 25.162-b12, mixed mode)
[mkopecky@dhcp-10-40-5-128 bin]$ ./wsprovide.sh -k -c ~/erase13/classes -o out
org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
Could not find log4j.properties or log4j.xml configuration, logging to console.
java2ws -s /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -classdir
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -d
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -verbose -cp
/home/mkopecky/erase13/classes/: -wrapperbean -createxsdimports
org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
java2ws - Apache CXF 3.2.4
[mkopecky@dhcp-10-40-5-128 bin]$ export SECMGR=true
[mkopecky@dhcp-10-40-5-128 bin]$ ./wsprovide.sh -k -c ~/erase13/classes -o out
org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
Could not find log4j.properties or log4j.xml configuration, logging to console.
java2ws -s /home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -classdir
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -d
/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out -verbose -cp
/home/mkopecky/erase13/classes/: -wrapperbean -createxsdimports
org.jboss.as.testsuite.integration.scripts.test.tools.Echo1Impl
java2ws - Apache CXF 3.2.4
java.security.AccessControlException: WFSM000001: Permission check failed (permission
"("java.io.FilePermission"
"/home/mkopecky/playground/wf/wfly.23/wfly.23/bin/out/org/jboss/as/testsuite/integration/scripts/test/tools/jaxws/EchoPlus1Response.java"
"read")" in code source
"(file:/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.162-3.b12.fc26.x86_64/lib/tools.jar
<no signer certificates>)" of
"java.net.FactoryURLClassLoader@29876704")
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:295)
at
org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:192)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at
org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:360)
at java.io.File.isDirectory(File.java:844)
at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:69)
at com.sun.tools.javac.file.RegularFileObject.<init>(RegularFileObject.java:64)
at
com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromFiles(JavacFileManager.java:785)
at
com.sun.tools.javac.file.JavacFileManager.getJavaFileObjectsFromStrings(JavacFileManager.java:185)
at org.apache.cxf.common.util.Compiler.useJava6Compiler(Compiler.java:202)
at org.apache.cxf.common.util.Compiler.compileFiles(Compiler.java:141)
at
org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generateAndCompile(BeanGenerator.java:91)
at
org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generate(BeanGenerator.java:58)
at
org.apache.cxf.tools.java2wsdl.generator.wsdl11.BeanGenerator.generate(BeanGenerator.java:35)
at
org.apache.cxf.tools.java2wsdl.processor.JavaToWSDLProcessor.generate(JavaToWSDLProcessor.java:156)
at
org.apache.cxf.tools.java2wsdl.processor.JavaToWSDLProcessor.process(JavaToWSDLProcessor.java:118)
at
org.apache.cxf.tools.java2ws.JavaToWSContainer.processWSDL(JavaToWSContainer.java:110)
at org.apache.cxf.tools.java2ws.JavaToWSContainer.execute(JavaToWSContainer.java:75)
at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:105)
at org.apache.cxf.tools.common.toolspec.ToolRunner.runTool(ToolRunner.java:45)
at org.apache.cxf.tools.java2ws.JavaToWS.run(JavaToWS.java:83)
at org.jboss.wsf.stack.cxf.tools.CXFProviderImpl.provide(CXFProviderImpl.java:200)
at org.jboss.wsf.stack.cxf.tools.CXFProviderImpl.provide(CXFProviderImpl.java:109)
at org.jboss.ws.tools.cmd.WSProvide.generate(WSProvide.java:223)
at org.jboss.ws.tools.cmd.WSProvide.main(WSProvide.java:89)
at org.jboss.modules.Module.runMainMethod(Module.java:348)
at org.jboss.modules.Module.run(Module.java:328)
at org.jboss.modules.Main.main(Main.java:557)
[mkopecky@dhcp-10-40-5-128 bin]$
{noformat}
Second example uses classes from classes.zip file attached in WFLY-10238
cc: [~jbliznak]
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
2949
days inactive
2949
days old
0 comments
1 participants
participants (1)
-
R Searls (JIRA)